Security

Error opening CA Certificate ca.pem

eworman
New Member

I just installed Splunk 4.3 (splunk-4.3-115073-freebsd-7.3-amd64.tgz) on a FreeBSD 7 machine. When I try launching Splunk this is the error I get

Splunk> Needle. Haystack. Found.

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking index directory...
Validated databases: _audit _blocksignature _internal _thefishbucket history main summary
Done
New certs have been generated in '/opt/splunk/etc/auth'.
Success
Checking conf files for typos...
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

Timed out waiting for splunkd to start.
Starting splunkweb... Generating certs for splunkweb server
Generating a 1024 bit RSA private key
..++++++
..++++++

writing new private key to 'privKeySecure.pem'

Signature ok
subject=/CN=splunk.{domainname}.com/O=SplunkUser
Error opening CA Certificate ca.pem
1391:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('ca.pem','r')
1391:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
unable to load certificate
Command failed (ret=1), exiting.

Tags (2)
0 Karma

campbellj1977
Explorer

setenforce 0

Then reinstall Splunk. RPM Rpm -ihv --force splunk*.rpm

Windows Use GUI

Then start Splunk again.

eworman
New Member

That file did not exist. There was a ca.pem.default file which I renamed ca.pem. Splunkd still times out when it launches. Here's the output of the ca.pem file


Certificate:
Data:
Version: 1 (0x0)
Serial Number:
c0:b1:f4:21:39:fa:d6:69
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com
Validity
Not Before: Jul 24 17:12:19 2006 GMT
Not After : Jul 21 17:12:19 2016 GMT
Subject: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c9:99:be:79:ca:f6:a6:d4:6a:86:81:32:b4:75:
f1:d7:58:98:81:d0:58:7c:7e:c7:49:15:17:39:77:
10:49:3c:56:82:fe:49:66:b5:b2:c5:2d:b6:2e:5d:
d0:b6:26:1e:1c:9b:fb:a1:8f:5f:c5:5a:60:34:59:
b8:5b:d3:6a:e8:01:5d:37:67:74:97:d2:91:f2:15:
ad:d4:77:2a:ab:f5:fe:44:44:9d:00:60:50:3e:cb:
95:21:6c:c9:c3:f7:39:61:b3:b2:7c:b9:cb:9b:dd:
7b:c0:f2:b9:fb:f5:e8:e4:62:d0:d7:da:b3:10:58:
f3:59:60:f7:2b:c5:41:21:8b
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
a5:b7:ec:d1:70:4e:29:09:38:ca:3d:67:c7:23:98:90:f3:f7:
06:b8:c9:c9:01:32:51:00:d7:fb:3a:93:a3:a6:cd:91:f4:82:
40:2c:b0:bb:2d:46:40:5a:be:5a:f5:b8:80:4f:67:62:5f:b1:
ee:85:8e:82:79:7a:40:b5:02:85:e4:22:7c:26:0a:ca:56:19:
35:42:a1:ef:2b:c2:15:34:c5:a8:f4:1a:c0:be:c0:0d:f2:90:
bf:94:2a:e5:f3:ea:21:37:a0:37:27:2e:bd:2a:c6:23:53:d8:
ec:5d:4f:1c:fe:10:1f:53:d3:29:d1:c7:f1:76:28:bd:61:75:

f0:91

Here is the revised output when trying to start splunk


Splunk> CSI: Logfiles.

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking index directory...
Validated databases: _audit _blocksignature _internal _thefishbucket history main summary
Done
Success
Checking conf files for typos...
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

Timed out waiting for splunkd to start.

0 Karma

Chubbybunny
Splunk Employee
Splunk Employee

greetings!!
if you can, post the contents of the $pem file?

try:
openssl x509 -in /opt/splunk/etc/auth/ca.pem -noout -text

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...